Resources for the Check Point Community, by the Check Point Community.

Seeking explanation of high ports listening:

Hey all,

A customer has to show all listening ports on their firewall, and netstat -an reveals several (approx. 20) ports > 50000 listening on 0.0.0.0 (i.e. all interfaces) on their box. I thought maybe it was for NAT or something along those lines, but when I checked my VM SPLAT, after installing a super basic policy ensuring no NATing/VPN was enabled, I found close to the same number of high ports listening on it. Adding the -p tag showed they all (with the exception of one) were opened by fwd; therefore, a cpstop closed them. Anyone know why Check Point's firewall uses these high ports?

The policy properly blocks access to them (thus the need for the stealth rule), but the customer still needs to explain the listening ports...
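The check the poster describes (netstat -an, then -p to see which process owns each wildcard-bound high port) can be scripted so the same evidence is produced consistently for the customer. The following is an added example, not code from the original thread or from Check Point: it parses netstat -tanp style output on stdin, keeps TCP sockets in LISTEN state bound to all interfaces (0.0.0.0 or ::) with a local port above a threshold, and summarises them per owning program. The sample netstat lines, PIDs and port numbers are constructed for the demonstration; only the program name fwd comes from the post.

```shell
#!/bin/sh
# Added example (not from the original post): inventory wildcard-bound
# listening TCP ports above a threshold and group them by owning program.
# Input: netstat -tanp style output on stdin. $1 = port threshold (default 50000).
high_listeners() {
  threshold="${1:-50000}"
  awk -v min="$threshold" '
    # Fields: Proto Recv-Q Send-Q Local Foreign State PID/Program
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      # Local address looks like 0.0.0.0:50301 or :::50301 (IPv6 any)
      n = split($4, parts, ":")
      port = parts[n] + 0
      addr = substr($4, 1, length($4) - length(parts[n]) - 1)
      if ((addr == "0.0.0.0" || addr == "::") && port > min)
        printf "%d %s\n", port, $7
    }' | sort -n
}

# Count wildcard-bound high ports per program name (the part after PID/).
count_by_program() {
  high_listeners "$1" \
    | awk '{ split($2, p, "/"); c[p[2]]++ }
           END { for (k in c) printf "%s %d\n", k, c[k] }' \
    | sort
}

# Constructed sample of netstat -tanp output; PIDs and ports are made up.
# Note the 127.0.0.1 listener and the ESTABLISHED socket are correctly skipped.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 0.0.0.0:50301           0.0.0.0:*               LISTEN      2345/fwd
tcp        0      0 127.0.0.1:50400         0.0.0.0:*               LISTEN      2345/fwd
tcp        0      0 0.0.0.0:50512           0.0.0.0:*               LISTEN      2345/fwd
tcp6       0      0 :::50700                :::*                    LISTEN      9876/otherd
tcp        0      0 10.0.0.1:50800          10.0.0.2:4433           ESTABLISHED 2345/fwd'

# Demo on the constructed sample. On a live gateway you would instead run:
#   netstat -tanp | high_listeners 50000
printf '%s\n' "$SAMPLE" | high_listeners 50000
printf '%s\n' "$SAMPLE" | count_by_program 50000
```

Running this before and after a cpstop, as the poster did, gives a reproducible before/after list showing which wildcard-bound high ports belong to fwd, which is the kind of evidence a customer's audit can be given alongside the stealth rule that blocks access to them.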

Re: Seeking explanation of high ports listening:

Thank you,

I actually ran across those in my initial research and saw the two > 50000 ports on the list, but that doesn't explain the rest of the 20 of them... Hmm... I suppose they are for various management functionalities as well, and CP hasn't been forthcoming with my direct inquiry to them. I guess it's one of those things where, unless you develop for CP, you'll never know. I provided what I could to the customer, and emphasized the need for a stealth rule and for defining guiclients because of this, and that seemed to satisfy his inquiry.